Learn about the role of the Cert Graveyard in tracking, reporting, and preventing malware that leverages Extended Validation code-signing certificates.
Category Archives: Certificate Abuse
Quick abuse reports with certReport
The purpose of this blog post is to formally introduce the certReport tool. It explains the tool’s function and gives examples of how to use it.
Impostor Certificates
It is common for malware to be signed with code signing certificates.
How is this possible? Impostors receive the cert directly and sign malware.
In this blog post, we look at 100 certs used by Solarmarker malware to learn more.
Certified Bad
Authenticode certificates are intended to ensure that software is created by vetted parties and that the software can be trusted; however, malware is often signed with valid Authenticode certificates, and both the process for signing malware and its implications are often misunderstood within InfoSec. This post takes a deep dive into my research on certificate abuse.
